I work at a company where we still have an authenticated HTTP proxy in place. It’s very boring having to configure by hand every new program I install that doesn’t support the http_proxy and https_proxy environment variables.

I was playing with my Android phone and there’s an application called ProxyDroid, which I use, that proxifies all installed apps transparently. I decided to replicate this on my Xubuntu platform, but it should work on every Ubuntu/Debian variant.

First, we need to install the required packages:

sudo apt-get install iptables iptables-persistent redsocks

Now we will configure redsocks, which redirects connections to a set of defined proxies. I have only an HTTP/HTTPS proxy at work, so I edited the ‘/etc/redsocks.conf’ file with this info:

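base {
    log_debug = off;
    log_info = off;
    log = "syslog:daemon";
    daemon = on;
    user = redsocks;
    group = redsocks;
    redirector = iptables;
}

// Instance for plain HTTP: receives the redirected port 80 connections
redsocks {
    local_ip = 127.0.0.1;
    local_port = 12345;
    type = http-relay;
    ip = ip.proxy.http;
    port = 3128;
    login = "pcaleiro";
    password = "pass";
}

// Instance for everything else: tunnels through the proxy with HTTP CONNECT
redsocks {
    local_ip = 127.0.0.1;
    local_port = 12346;
    type = http-connect;
    ip = ip.proxy.https;
    port = 3128;
    login = "pcaleiro";
    password = "pass";
}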

Do a ‘sudo service redsocks restart’ to reload the config file.
Now, we must configure the iptables rules to use our redsocks server.

sudo iptables -t nat -N REDSOCKS
sudo iptables -t nat -A REDSOCKS -d 172.27.0.0/16 -j RETURN
sudo iptables -t nat -A REDSOCKS -d 127.0.0.0/24 -j RETURN
sudo iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 12345
sudo iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12346
sudo iptables -t nat -A OUTPUT -p tcp -o eth0 -j REDSOCKS

First we added a new chain called ‘REDSOCKS’ to the ‘nat’ table.
Next we added “-j RETURN” rules for the networks that should not go through the proxy.
We then told iptables to redirect all port 80 connections to the http-relay redsocks port and all other TCP connections to the http-connect redsocks port.
Finally we told iptables to use the ‘REDSOCKS’ chain for all outgoing TCP connections on the network interface ‘eth0’.
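
The order matters: iptables walks the chain top to bottom and stops at the first RETURN or REDIRECT that matches, so a bypass network appended later with -A lands after the catch-all and its traffic is still sent to the proxy. The script below is an added example, not part of the original post, that checks the listing printed by `iptables -t nat -S REDSOCKS` for that mistake and for duplicates left by running the commands twice; `check_redsocks_chain`, the sample listings and the 10.0.0.0/8 network are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post). check_redsocks_chain is a
# hypothetical helper: it reads `iptables -t nat -S REDSOCKS` output on stdin
# and exits non-zero if the chain order would defeat the bypass rules.
check_redsocks_chain() {
    awk '
        BEGIN { bad = 0; n = 0; redirects = 0; catchall = 0 }
        $1 != "-A" || $2 != "REDSOCKS" { next }      # skip "-N REDSOCKS" etc.
        {
            n++; target = ""; has_dport = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") has_dport = 1
            }
            if (seen[$0]++) { print "duplicate rule: " $0; bad = 1 }
            if (target == "RETURN" && redirects > 0) {
                print "bypass rule placed after a REDIRECT: " $0; bad = 1
            }
            if (target == "REDIRECT") {
                redirects++
                if (!has_dport) catchall = n         # rule with no port match
            }
        }
        END {
            if (catchall == 0)      { print "no catch-all REDIRECT rule"; bad = 1 }
            else if (catchall != n) { print "rules follow the catch-all REDIRECT"; bad = 1 }
            exit bad
        }'
}

# Constructed listing: the REDSOCKS chain after running the commands above once.
sample_listing() {
    cat <<'EOF'
-N REDSOCKS
-A REDSOCKS -d 172.27.0.0/16 -j RETURN
-A REDSOCKS -d 127.0.0.0/24 -j RETURN
-A REDSOCKS -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 12345
-A REDSOCKS -p tcp -j REDIRECT --to-ports 12346
EOF
}

# Constructed listing: a bypass network appended later with -A lands last.
sample_late_bypass() {
    sample_listing
    echo "-A REDSOCKS -d 10.0.0.0/8 -j RETURN"
}

sample_listing | check_redsocks_chain && echo "REDSOCKS chain order OK"
# On a live system: sudo iptables -t nat -S REDSOCKS | check_redsocks_chain
```

A late bypass rule belongs ahead of the REDIRECT rules, which `iptables -t nat -I REDSOCKS 1 ...` does by inserting at the top of the chain instead of appending.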

This configuration is not persistent between boots. To make it persistent, we just use:

sudo invoke-rc.d iptables-persistent save
sudo update-rc.d iptables-persistent defaults

And there you have it, your own ProxyDroid (albeit a little more silent :D). Don’t forget to set your proxy configurations to “use no proxy” afterwards and delete your proxy environment variables.